Age | Commit message (Collapse) | Author | |
---|---|---|---|
2013-01-22 | Dmvpn merge with mirantis jan22-2013 | Saurabh Mohan | |
2012-12-27 | DMVPN support with profiles. | Saurabh Mohan | |
2012-10-04 | Bug 8200: Changed grep to not display shim6 | Bharat | |
2012-09-10 | Bugfix 8289: Vti mark values should be implicit | Saurabh Mohan | |
Vti tunnel uses fwmark from the kernel skbuff. This value is now internally allocated instead of getting it from the configuration. Also fixed 8286 where configuration was allowing both a tunnel and VTI between the same vpn src/dst. | |||
2012-08-09 | Bugfix 8264: Check if the intf name is defined before using it in the script. | Saurabh Mohan | |
Fix the error message for undefined intf name in error message. Also, add changes to incorporate mark's from range 0-2047. Print warning if a vti interface is defined but not used. Hopefully this will help users understand that they have a partial configuration. | |||
2012-07-25 | Bugfix 8222: deletion and adding bind parameter under vti deletes vti ↵ | Saurabh Mohan | |
interface in show interfaces output though vti configuration exists The bind, mark parameters can be changed individually but the vti script runs at the vpn node level. By that time the old value is not known. With this change now I find out the exisiting vti tunnels from the kernel and discover the old vti-name, and mark setting from there. After that it is possible to figure out if a. No change was done to a VTI: In that case do not do any config. b. If a tunnel was changed: Delete and create the tunnel again. c. If a tunnel was deleted: Remove the tunnel config from the kernel. d. If the tunnel was added: Configure it. Also, configure the vti interface prior to the strongswan configuration. This way if the ipsec tunnel comes up then we can bring the interface up/down (see Bug 8219). Remove the disable configuration param (see Bug 8221). | |||
2012-06-11 | VTI: Add support call for checking for vti interface name. | Saurabh Mohan | |
2012-05-31 | Bugfix 8100: Be flexible in char accepted in id field. | Saurabh Mohan | |
2012-05-18 | VTI: cfg mark/bind change handlers. | Saurabh Mohan | |
2012-05-16 | Vti config support. | Saurabh Mohan | |
2012-03-29 | Add any special case for local-address instead of 0.0.0.0. | Daniil Baturin | |
2012-03-29 | Rename "local/remote subnet" to "local/remote prefix". | Daniil Baturin | |
2012-03-29 | Fix protocol help string capitalization. | Daniil Baturin | |
2012-03-29 | Add IPv6 address completion for peer. | Daniil Baturin | |
2012-03-29 | Rename local-ip option to local-address. | Daniil Baturin | |
2011-09-19 | Switched POSIX character classes to standard character classes representing ↵ | John Southworth | |
the same data; removed unneeded '.' from regex; add similar regex to match remote-id | |||
2011-07-11 | Remove no longer mandatory nodes so that VPN will work smoothly with webgui2 | John Southworth | |
(cherry picked from commit 3680e3e42b202c78bd3ffe2ec380e007f3359b5f) | |||
2011-04-15 | add help and check for missed auth node so users put it in /config | Mohit Mehta | |
2011-04-13 | * Add help and checks for IPsec x509 nodes to push | Mohit Mehta | |
users towards putting scripts in /config/auth | |||
2011-02-22 | Add bond interfaces to available dhcp interfaces in tab completion | John Southworth | |
2011-02-22 | fix some node.def errors | John Southworth | |
2011-02-16 | Initial support for configuring dhcp-interfaces for IPSEC, needs testing | John Southworth | |
2011-02-09 | Add template for auto-update cli | John Southworth | |
2011-02-08 | Initial x509 for site-to-site ipsec vpn | John Southworth | |
2011-02-04 | Add the ability to define a default esp group for tunnels under a peer to use | John Southworth | |
2011-02-04 | Move protocol out of local and remote nodes as it has to be the same | John Southworth | |
2011-02-03 | Initial additions to support local and remote protoport in general instead ↵ | John Southworth | |
of just for GRE | |||
2011-01-26 | Bugfix: 5677 add protoport option for simpler GRE tunnels, for now this is ↵ | John Southworth | |
specifically for GRE more protocols can be added in the future if required. | |||
2011-01-26 | Fixed node.def to adhere to CLI conventions | John Southworth | |
2011-01-26 | Bug 2506: Moved the connection-type node to the peer level, as discussed ↵ | John Southworth | |
with support. | |||
2011-01-25 | bugfix: 2506 added option to define initiatior or responder mode | John Southworth | |
2010-08-17 | remove low-level config dir usage | An-Cheng Huang | |
2010-08-17 | update help text to use val_help | An-Cheng Huang | |
2010-07-21 | remove verb usage from begining of help strings | Mohit Mehta | |
2010-03-19 | Replace old form (expression) in end: tag | Stephen Hemminger | |
Use shell syntax. | |||
2010-03-18 | Fix Bug 5087 add support to specify PFS group when PFS is enabled | Mohit Mehta | |
2010-01-30 | Fix Bug 1832 VPN copy-tos Disabling copy-tos field doesn't work | Mohit Mehta | |
* remove copy-tos field under 'vpn ipsec'. It's not supposed to work with NETKEY | |||
2010-01-25 | add back CLI node for disabling uniqreqid | Mohit Mehta | |
2010-01-12 | * remove extraneous unused code | Mohit Mehta | |
* use @id for identification when it's specified. It can be used even if local-ip is not 0.0.0.0 * extend syntax check for id to allow specifying hostnames * fix ipsec.secrets generation - if specified always use ids for local and remote peer (cherry picked from commit 3e7a4e45af00c11e6009d38fd97c67c2de0fa145) | |||
2010-01-12 | First pass code changes to vyatta-cfg-vpn for migration to strongswan : | Mohit Mehta | |
Remove CLI support and back-end code for unsupported parameters * No aggressive mode support in strongswan * remove syslog facility.level CLI. strongswan uses authpriv facility by default, no syslog parameter support * remove Robert's disable-uniqreqids option for now. need to get strongswan to do the same thing first Remove Openswan specific parameters added to workaroung bugs * remove plutowait, this was added to workaround Openswan Bug 412 * remove nhelpers, this was added to workaround Openswan Bug 198 Other Changes * add '!' at the end of ike and esp proposal list to signify end of list * replace `ipsec start` commands with built-in commands for `ipsec starter` control utility * replace `ipsec auto` with `ipsec whack` commands. Still need to figure out if `ipsec auto --add|--up $connection` could be replaces by simply using `ipsec update` in stronswan * change pluto.ctl path | |||
2009-11-30 | added required keyword to help text. | Michael Larson | |
2009-10-27 | add support for same reqids to openswan cfg | Robert Bays | |
2009-10-20 | add priority to project node. | slioch | |
2009-10-09 | add allowed values for ike, esp groups | Mohit Mehta | |
2009-08-14 | convert enable to disable node for vpn tunnel | slioch | |
2009-08-14 | add enable node below tunnel with default flag = true | slioch | |
2009-08-13 | added description field to site-to-site peer. | slioch | |
2009-05-26 | Fix 3836: Allow VPN authentication ID to accept values of IP address, domain ↵ | Stig Thormodsrud | |
name and "" enclosed phrases | |||
2009-03-26 | Change "ipsec-interfaces" to use vyatta-interfaces.pl for allowed tag. | Stig Thormodsrud | |
2008-11-11 | allow '+' as a valid character in pre-shared-secret | Mohit Mehta | |